Data Harvested from 50 Million Facebook Profiles in Major Breach

Over the past week, major corporation Facebook has come under fire for the illicit gathering of user information. The personal data has been harvested by a company known as 'Cambridge Analytica', which is a political consultancy company that participated in the Presidential campaign of 2016, which saw Donald Trump elected.

Thanks to the word of a whistle-blower on the inside, we can share how Cambridge Analytica collected this data from a massive 50 million different profiles, going on to use it in the development of software algorithms that could profile each individual and work out how they would vote. Subsequently, they developed targeted advertising, in an effort to influence the opinions and votes of the affected people.

Harvested data

Cambridge Analytica were able to harvest personal data through the use of a Facebook-linked application called 'thisisyourdigitallife', which posed as a personality test. An employee of the company offered cash rewards to encourage participation in the test, which was touted as being for research purposes. Unfortunately, as this was willing participation, Facebook went on the defensive, quickly issuing the following statement when the news broke:

“The claim that this is a data breach is completely false. Aleksandr Kogan requested and gained access to information from users who chose to sign up to his app, and everyone involved gave their consent. People knowingly provided their information, no systems were infiltrated, and no passwords or sensitive pieces of information were stolen or hacked.”

Not only did the application gather information voluntarily provided by the users, but it also dredged up additional data belonging to the participant's group of linked friends without obtaining their consent. According to Facebook's own privacy policy, the data provided through linked applications can only be used to improve the app experience, and not be shared with anyone.

Although only around 250,000 people voluntarily gave up their information as a result of the 'research study', it was a huge total of approximately 50 million users that had their data compromised.

Response from Facebook

Around 4 years ago, a former advisor of Donald Trump's Presidential campaign was the leader of Cambridge Analytica, though it wasn't until 2016 that Facebook became aware of the data breach. When they did, it still took several months for them to order the company to delete the data they have gathered. What’s more, the company ignored Facebook’s order, and Facebook never followed up to check whether the order had been actioned – it hadn’t.

This week, the founder of Facebook, Mark Zuckerberg, posted a long response to the situation. We won’t share the full statement in this article, but it included the following quote:

“Last week, we learned from The Guardian, The New York Times and Channel 4 that Cambridge Analytica may not have deleted the data as they had certified. We immediately banned them from using any of our services. Cambridge Analytica claims they have already deleted the data and has agreed to a forensic audit by a firm we hired to confirm this. We're also working with regulators as they investigate what happened.”

Facebook is now facing a full investigation by the US Federal Trade Committee (FTC), following on from a case raised in 2011, where the social media giant promised the FTC that it would improve its privacy settings to prevent third party companies from getting hold of user data.

The FTC has it within their power to fine Facebook $40,000 for each breach of the settlement agreed in 2011. If you multiply this figure by the 50 million violations that took place, then Facebook could be looking at catastrophic financial ruin.

Should you be worried?

Here's how the situation could relate to you and your data. In addition to being under investigation by the FTC, the British Information Commissioner's Office (BICO) is conducting their own investigation to determine whether the company could've used similar methods to influence Brexit votes. If it did, then your data may have been harvested at some point.

However, the good news, if you can take any away from this situation, is that the information was generally used for targeted advertising. On the face of it, it doesn’t appear that anybody’s data was at risk of being stolen for criminal purposes, and it’s likely that all data will be deleted as part of ongoing investigations if not already.

If you have any concerns about your ongoing online security, then you can contact WiseGuys for advice by phone on 0808 123 2820.